Hi everyone,
I have been updating my site to make it a little more secure, and I am having a problem adding my new code. Does anyone have any idea how to do this? I already have the code written, but I am having a hard time adding it in the right place. Thank you.
My login code:
// Start (or resume) the PHP session so the login code below can write to $_SESSION.
// NOTE(review): the session id is not changed anywhere in the visible code after a
// successful login, so an id that was set before authentication stays valid afterwards.
session_start();
/**
 * Send an HTTP redirect header pointing at $location.
 *
 * This only queues the header; it does not end the script, so a caller that
 * wants nothing else to run or be sent must exit after calling it.
 *
 * @param string $location Target URL or path, placed in the header as given.
 * @return null header() has no return value, so callers always receive null.
 */
function returnheader($location){
    header("location: {$location}");
    return null;
}
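// Login handler: validates the posted credentials against the memberlist table,
// fills $_SESSION on success and redirects to users.php; otherwise collects
// messages in $errors. $errors and $uname stay set for whatever runs after this block.
// NOTE(review): $required_fields and $incorrectLogin are not defined in the visible
// code; presumably dbc.php or another include provides them - confirm.
// NOTE(review): the mysql_* extension was removed in PHP 7; migrating this block and
// dbc.php together to mysqli or PDO prepared statements is the long-term fix.
include_once("dbc.php");
$errors = array();

// The "iebugaround" field marks a submitted login form.
if (isset($_POST["iebugaround"])) {
    // Missing or non-string fields are treated as empty instead of raising notices
    // (a request can send username[]=x, which would reach htmlentities() as an array).
    $rawUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
    $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";

    // NOTE(review): htmlentities() is an output encoder, not input validation. It is kept
    // here because the stored usernames may have been written in this encoded form - confirm
    // against the registration code before removing it.
    $uname = trim(htmlentities($rawUsername));
    $passw = trim(htmlentities($rawPassword)); // used only for the "field is empty" check

    // The posted "lastlogin" value is no longer read: it was overwritten immediately and
    // a client-supplied timestamp should never be trusted anyway.
    // NOTE(review): this packs the time as DDMMYYYYHHMM in one number. The value is not
    // chronological (day comes first) and exceeds a 32-bit integer; a Unix timestamp from
    // time() would compare and subtract correctly.
    $datetime = date("d")*10000000000 + date("m")*100000000 + date("Y")*10000 + date("G")*100 + date("i");

    if (empty($uname) || empty($passw)) {
        $errors[] = "$required_fields";
    }

    if (!$errors) {
        // NOTE(review): unsalted SHA-512 is a fast hash and is weak for password storage.
        // password_hash()/password_verify() should replace it, but that needs a migration
        // of the stored hashes, so the comparison is left as-is here.
        $passencrypt = hash('sha512', $rawPassword);
        $query = "SELECT * FROM memberlist WHERE username='".mysql_real_escape_string($uname)."' AND password='".mysql_real_escape_string($passencrypt)."'";

        $result = mysql_query($query);
        if ($result === false) {
            // Keep database details in the server log; do not echo them to the visitor.
            error_log("Login query failed: " . mysql_error());
            die("Login is temporarily unavailable. Please try again later.");
        }

        // A matching row means the credentials are valid; only the first row is needed.
        $row = mysql_fetch_array($result);
        if ($row) {
            // Issue a fresh session id at the privilege change so an id set before
            // login (session fixation) cannot be reused for the authenticated session.
            session_regenerate_id(true);

            $idsess = stripslashes($row["id"]);
            $firstnamesess = stripslashes($row["firstname"]);
            $username = stripslashes($row["username"]);
            $_SESSION["SESS_USERID"] = $idsess;
            $_SESSION["SESS_USERFIRSTNAME"] = $firstnamesess;
            $_SESSION["SESS_USERNAME"] = $username;

            // One cookie with a 12-hour lifetime (the earlier session-only duplicate was
            // overridden by this one anyway).
            // NOTE(review): this cookie is fully client-controlled; other pages should
            // authorize from $_SESSION, never from "userloggedin" - confirm how it is used.
            setcookie("userloggedin", $username, time()+43200);

            returnheader("users.php");
            // Stop here so nothing after the redirect header is executed or sent.
            exit;
        } else {
            $errors[] = "$incorrectLogin";
        }
    }
} else {
    $uname = "";
}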
Code I'm trying to add to my login code:
// Login-throttling snippet the author wants to merge into the login code: it updates
// lastlogin / numloginfail / lastloginfail in memberlist and appends messages to $errors.
// NOTE(review): as posted this block does not parse - the last if has two else branches
// and the braces do not balance. The final else ($accountNotActivated) presumably belongs
// to an outer activation check on actnum - confirm the intended nesting before merging.
// NOTE(review): the login query only returns a row when the password hash matches, so
// failure counters cannot be driven from that $result; throttling needs a lookup by
// username alone, done before the password is checked.
// NOTE(review): mysql_fetch_array() returns one row, so this foreach walks that row's
// column values and $row["actnum"] is not a row lookup; the login code uses
// while($row = mysql_fetch_array($result)) instead.
foreach(mysql_fetch_array($result) as $row){
if ($row["actnum"] == "0" || $row["numloginfail"] <= 5){
// NOTE(review): $uname is interpolated into SQL here (and in every UPDATE below) without
// mysql_real_escape_string(), unlike the login SELECT; htmlentities() is not SQL escaping.
// NOTE(review): $conn is not defined in the visible code - presumably set in dbc.php.
$sql = "UPDATE memberlist Set lastlogin = '{$datetime}', numloginfail = '5' WHERE username = '{$uname}'";
// NOTE(review): die(mysql_error()) shows raw database errors to the visitor.
mysql_query($sql, $conn) OR die(mysql_error());
}
// NOTE(review): $datetime is a packed DDMMYYYYHHMM number in the login code, so
// subtracting 5 or 30 is not minute arithmetic across hour/day boundaries and the
// comparisons are not chronological; a Unix timestamp would behave as intended.
if ($row["lastloginfail"] >= ($datetime-5)){
$sql = "UPDATE memberlist Set numloginfail = numloginfail + 1, lastloginfail = '{$datetime}' WHERE username = '{$uname}'";
mysql_query($sql, $conn) OR die(mysql_error());
}else{
$sql = "UPDATE memberlist Set lastloginfail = '{$datetime}' WHERE username = '{$uname}'";
mysql_query($sql, $conn) OR die(mysql_error());
}
if ($row["lastloginfail"] <= ($datetime-30)){
$sql = "UPDATE memberlist Set numloginfail = '0' WHERE username = '{$uname}'";
mysql_query($sql, $conn) OR die(mysql_error());
$errors[] = "$underAttackReLogin, $uname";
}else{
$errors[] = "$underAttackPleaseWait";
// Second else on the same if: this is the syntax error noted at the top.
}else{
$errors[] = "$accountNotActivated";
}
}